1. Technical Field
This disclosure relates generally to auditing of events in the context of a “cloud” compute environment and, in particular, to techniques to ensure the integrity of security event log data that is being actively managed in the system.
2. Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser over HTTP. An example application might be one that provides a common set of messaging functions, such as email, calendaring, contact management, and instant messaging. A user would then access the service directly over the Internet. Using this service, an enterprise would place its email, calendar and/or collaboration infrastructure in the cloud, and an end user would use an appropriate client to access his or her email, or perform a calendar operation.
Cloud compute resources are typically housed in large server farms that run networked applications, typically using a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility. The virtual machines typically run on top of a hypervisor, which is a control program that allocates physical resources to the virtual machines.
It is known in the art to provide an appliance-based solution to facilitate rapid adoption and deployment of cloud-based offerings. One such appliance is IBM® Workload Deployer, which is based on the IBM DataPower® 7199/9005 product family. Typically, the appliance is positioned directly between the business workloads that many organizations use and the underlying cloud infrastructure and platform components. Because of this unique position, the appliance can receive and act upon operational data, and it can monitor application workload demand conditions and adjust resource allocation or prioritization as required to achieve established service level agreements. IBM Workload Deployer also may be used to manage a shared, multi-tenant environment, where isolation and security are important. To that end, a security and administrative event auditing function may be used to capture all records of all activities in the system. These events include, without limitation, security events such as authentication, access control, digital signature validation, and the like, as well as administrative types of events such as configuration data access and updates. Event records are stored internally in an event log, which is typically implemented in the appliance as a relational database. An interface (e.g., REST-based) enables customers to access and download the event records to persistent storage external to the appliance (e.g., for long term archival), and to subsequently remove the event records from internal storage in the appliance itself.
While this event auditing function works well for its intended purpose, there is a need to protect the integrity of the event log data to ensure that no event records will be removed from the internal appliance data store before they are downloaded successfully to the external data store.
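The following added example, which is not taken from this disclosure or from any IBM product, sketches one way to enforce that requirement: records can be purged only after the external store confirms, by digest, the exact batch it persisted. The in-memory SQLite database stands in for the appliance's relational event log, and all table names, function names and sample events are assumptions constructed for illustration.

```python
import hashlib
import json
import sqlite3

# Constructed sample events (id is assigned by the database).
CONSTRUCTED_EVENTS = [("authentication", "user=alice result=success"),
                      ("access_control", "user=bob resource=/config result=denied"),
                      ("config_update", "user=alice key=log.level")]

def open_log():
    """In-memory stand-in for the appliance's relational event log."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event_log (id INTEGER PRIMARY KEY, kind TEXT, detail TEXT)")
    db.execute("CREATE TABLE exports (batch_id INTEGER PRIMARY KEY, first_id INTEGER, "
               "last_id INTEGER, digest TEXT, acked INTEGER DEFAULT 0)")
    return db

def batch_digest(rows):
    """SHA-256 over canonical JSON, so both sides hash identical bytes."""
    return hashlib.sha256(json.dumps(rows, separators=(",", ":")).encode()).hexdigest()

def export_batch(db):
    """Hand out all current records and remember the digest of what was handed out."""
    rows = [list(r) for r in db.execute("SELECT id, kind, detail FROM event_log ORDER BY id")]
    if not rows:
        return None, []
    cur = db.execute("INSERT INTO exports (first_id, last_id, digest) VALUES (?, ?, ?)",
                     (rows[0][0], rows[-1][0], batch_digest(rows)))
    return cur.lastrowid, rows

def acknowledge(db, batch_id, archive_digest):
    """The external store reports the digest of what it saved; accept only an exact match."""
    row = db.execute("SELECT digest FROM exports WHERE batch_id = ?", (batch_id,)).fetchone()
    if row is None or row[0] != archive_digest:
        return False
    db.execute("UPDATE exports SET acked = 1 WHERE batch_id = ?", (batch_id,))
    return True

def purge(db, batch_id):
    """Delete only the id range of an acknowledged batch; refuse anything else."""
    row = db.execute("SELECT first_id, last_id, acked FROM exports WHERE batch_id = ?",
                     (batch_id,)).fetchone()
    if row is None or not row[2]:
        raise PermissionError("batch not confirmed by external store; purge refused")
    return db.execute("DELETE FROM event_log WHERE id BETWEEN ? AND ?", row[:2]).rowcount
```

Because the purge is bounded by the exported id range, events logged between the download and the removal request are left in place for the next batch.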